Tornado Cash developer sentenced to more than five years imprisonment in the Netherlands

Alexey Pertsev, one of the developers of the Tornado Cash mixing service, was found guilty of money laundering and sentenced to 64 months imprisonment in the Netherlands. Prosecutors claimed that Pertsev knew the service was being used to launder money, but "chose not to intervene". They argued that, although the developers could not necessarily prevent bad actors from laundering money through the service directly, they could have done more to prevent people from using the web interface to wash funds from known criminal wallets.

The case is a concerning one, as sanctioning software developers for how the code they write is used — particularly when it comes to software intended to protect privacy — has frightening implications. Although there is some precedent in the United States that "code is speech", and merely writing and publishing code is protected by the First Amendment, that obviously does not apply to the Netherlands. A collaborator to Pertsev, Roman Storm, is set to be tried on charges of money laundering and sanctions violations in the United States in September, and that case is likely to grapple with this exact issue.

Sonne Finance hacked for at least $20 million

The Sonne Finance lending protocol was exploited for at least $20 million as an attacker was able to exploit a vulnerability in some of their smart contracts. Sonne is a fork of the Compound Finance project, which has known vulnerabilities that are sometimes not properly addressed by people who reuse the code — as has happened with Radiant Capital and Rari.

After being alerted to the theft by several security companies, Sonne announced they had paused the contract on the Optimism Ethereum layer-2 chain.

Cypher contributor admits to stealing over $300,000 due to "crippling gambling addiction"

After the founder of the Solana-based Cypher futures trading protocol publicly accused a core contributor of stealing funds, the contributor — publicly known only as "hoak" — has confessed to the thefts.

Cypher was hacked for $1 million in August 2023, but was able to recover around $600,000 of the stolen funds, which they promised to distribute to impact users via a redemption fund. However, over a period of months and unbeknownst to the rest of the team, hoak had been dipping into the recovered funds — taking around half of what was in the fund for himself.

After he was accused, hoak fessed up in a public statement where he wrote that his actions were a "culmination of what snowballed into a crippling gambling addiction and probably multiple other psychological factors that went by unchecked for too long." He continued: "I know likely nothing I say or do will make things better - perhaps other than rotting in jail. To address the elephant in the room, the allegations are true, I took the funds and gambled them away. I didn’t run away with it, nor did anyone else."

SEC sends Wells notice to Robinhood Crypto

Robinhood has disclosed that they received a Wells notice from the US Securities and Exchange Commission in relation to their "Robinhood Crypto" product. This indicates that the SEC believes that some of the assets that can be traded via Robinhood Crypto are securities.

In the past, Robinhood has removed cryptocurrencies from trading after they were alleged to be securities by the SEC, such as Solana (SOL), Cardano (ADA), and Polygon (MATIC) in the wake of the lawsuits against Binance and Coinbase. However, given the SEC's stance that most cryptocurrencies are securities, it seems likely that the SEC believes one or more of the 14 non-bitcoin cryptocurrencies Robinhood offers may also be a security.

Robinhood's Chief Legal Officer issued a statement that "We firmly believe that the assets listed on our platform are not securities and we look forward to engaging with the SEC to make clear just how weak any case against Robinhood Crypto would be."

GNUS.ai exploited for $1.27 million

An exploiter was able to create a fake version of the $GNUS token on the Fantom blockchain, then bridge the tokens to Ethereum and Polygon where they were then sold as though they were authentic. They were able to drain $1.27 million from the project's liquidity pools.

GNUS.ai (short for "Genius", not a reference to the animal) is one of many AI-related blockchain projects that has sprung out of the recent AI hype. This particular one promises to allow people to "utiliz[e] unused cycles" on various computing devices for computation-intensive AI systems, using cryptocurrency for payments.

Cred executives indicted

The former CEO, CFO, and CCO of the cryptocurrency lending service Cred have been indicted on multiple charges involving wire fraud and money laundering. They were charged in connection with their operation of the Cred platform, which went bankrupt in November 2020 after hiding its insolvency for several months.

Cred had claimed to customers that they engaged in only "collateralized or guaranteed lending", hedged their investments, and "comprehensive insurance", but hid that "virtually all the assets to pay the yield were generated by a single company whose business was to make unsecured micro-loans to Chinese gamers." Furthermore, they did engage in uncollateralized lending, did not hedge their investments, and did not hold insurance as they had claimed.

Around $150 million in customer funds were lost in the collapse based on prices at the time, though those crypto assets would have been priced substantially higher at various times since.

Wallet loses over $72 million to address poisoning

An Ethereum wallet was apparently drained of 1,155 wrapped bitcoin (~$72.7 million) when they transferred it to a malicious address that had been operating an address poisoning scheme.

Address poisoning is a scam tactic that takes advantage of crypto traders' tendencies to copy and paste wallet addresses from their transaction histories, since the addresses are long strings of characters that are not practical to type from memory. By creating a new wallet address with identical start and/or ending character strings to addresses used by the victim, and spamming the victim with transactions from that similar address, scammers are sometimes able to get victims to erroneously copy the spoofed address for future transfers.

That's what appears to have happened in this case, when a victim transferred 1,155 wrapped bitcoin — tokens pegged to the bitcoin price meant for use on the Ethereum blockchain — to the malicious address.

The victim and the exploiter later reached an agreement for the return of most of the funds, with the exploiter keeping $7.2 million as a "bounty".

Pike Finance exploited for $2 million in two separate attacks

Pike Finance, a cross-chain lending protocol, was exploited twice in four days as attackers discovered vulnerabilities in the project's smart contracts.

The first attack, on April 26, was enabled by a flaw in the security measures related to transfers of the USDC stablecoin. An attacker was able to change the recipient address and amount, ultimately making off with almost $300,000 in the stablecoin. Pike released a postmortem two days later, acknowledging that the bug had been identified by a third-party auditor but had not been rectified by their team.

When the Pike team went to patch the smart contracts to thwart this attack, they introduced new, even worse vulnerabilities. As a result, on April 30, an attacker was able to upgrade the project's smart contracts to malicious ones, then withdraw $1.68 million in ETH, ARB, and OP tokens.

Pike Finance has offered a 20% reward for the return of the funds or information pertaining to the attacker, and has promised "a plan to make users whole". Pike, which launched in early 2024, is backed by Circle and Wormhole.

Roger Ver arrested for $50 million tax fraud

Portrait of Roger VerRoger Ver (attribution)
Roger Ver, an early bitcoin investor who later became an outspoken evangelist for the fork Bitcoin Cash, has been arrested on tax fraud charges. According to the Department of Justice, Ver evaded almost $50 million in owed taxes by concealing income and lying to tax preparers about his bitcoin assets as he attempted to renounce his US citizenship and become a citizen of the tax haven St. Kitts and Nevis.

Ver was arrested in Spain, and the United States will seek his extradition.

Besides his tax woes, Ver has also been caught up in accusations by CoinFLEX that he owed the platform around $84 million after failing to meet a margin call. Ver has in turn claimed that CoinFLEX owed him money. CoinFLEX filed for restructuring in August 2022.

Changpeng Zhao sentenced to four months imprisonment

Changpeng ZhaoChangpeng Zhao (attribution)
Former Binance CEO Changpeng "CZ" Zhao has been sentenced to four months in prison after pleading guilty to money laundering-related charges. The charges were filed in November, and Zhao entered a guilty plea, resigned from the company, and agreed to pay a $50 million fine.

Prosecutors sought a three year sentence for Zhao, while Zhao requested to serve no time. The judge ultimately decided on a sentence closer to the five-month sentence that was being recommended by the Probation Office.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.